Hi,

I wrote a post some days ago about difficulties regarding ZCS and Samba/LDAP integration -> however, I haven't got any feedback on the forum ... anyway, as we hold an NE licence, together with the Polish Zimbra support team we discovered a weird issue. The ACL on userPassword:
olcAccess: {0}to attrs=userPassword by anonymous auth by dn.children="cn=admins,cn=zimbra" write

only allows ZCS admins to write, but not zmposixroot, which in the case of Samba and POSIX is designated for the same thing - BIND to LDAP and modify the password.

So we have changed this ACL to this one:
olcAccess: {0}to attrs=userPassword by anonymous auth by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read

So what was done with this:
1) from Windows, changing the password now works 100% -> userPassword + NT/LM
2) from Linux, changing the password works 50% -> userPassword OK, but we need to install something to refresh the NT/LM passwords as well
3) from ZCS, we will install the extension for Samba password sync

Is this approach correct? I mean changing ACL {0}. If yes, I think it should be mentioned on the wiki page related to Samba integration.

Thanks,
Marcin
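
An added illustration, not part of the post above and not Zimbra's or OpenLDAP's own code: the sketch evaluates both olcAccess values quoted in the post for a given bind DN, using OpenLDAP's first-match rule and the implicit trailing "by * none". The function names, the simplified DN normalisation and the two sample DNs marked as constructed are assumptions; only the "who" forms that appear in the post, plus "*" and "users", are handled.

```python
import re

# Constructed from the two olcAccess values quoted in the post.
ORIGINAL = ('{0}to attrs=userPassword by anonymous auth '
            'by dn.children="cn=admins,cn=zimbra" write')
MODIFIED = (ORIGINAL +
            ' by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write'
            ' by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read')

# by <who>[="<dn>"] <access>
BY_RE = re.compile(r'\bby\s+(\S+?)(?:="([^"]*)")?\s+(\w+)')

def norm(dn):
    """Simplified DN normalisation (assumption): lowercase, trim around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_by_clauses(value):
    """Return [(who, dn_or_None, access), ...] in evaluation order."""
    return [(who, norm(dn) if dn else None, access)
            for who, dn, access in BY_RE.findall(value)]

def effective_access(value, bind_dn):
    """Access granted to bind_dn (None = anonymous): first matching clause wins."""
    bind = norm(bind_dn) if bind_dn else None
    for who, dn, access in parse_by_clauses(value):
        if who == "*" or (who == "anonymous" and bind is None):
            return access
        if bind is None:
            continue
        if who == "users":
            return access
        if who == "dn.exact" and bind == dn:
            return access
        # dn.children matches entries below the DN, never the DN itself.
        if who == "dn.children" and bind.endswith("," + dn):
            return access
    return "none"  # implicit trailing "by * none"

if __name__ == "__main__":
    binds = [None,
             "uid=sampleadmin,cn=admins,cn=zimbra",      # constructed sample DN
             "uid=zmposixroot,cn=appaccts,cn=zimbra",
             "uid=zmposix,cn=appaccts,cn=zimbra",
             "uid=someone,ou=people,dc=example,dc=com"]  # constructed sample DN
    for b in binds:
        print(f"{b or 'anonymous'}: {effective_access(ORIGINAL, b)} -> "
              f"{effective_access(MODIFIED, b)}")
```

Any bind DN not named in the rule still resolves to none under both values, so the modified rule adds userPassword write access for zmposixroot and read access for zmposix only.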